General Questions

A. It is the use of two independent means of evidence (factors) to assert the identity of a user requesting access to some application or service to the organization that provides the application or service. The objective of 2-Factor authentication, as a method of electronic computer authentication, is to decrease the probability that the requestor is not who he/she claims to be.

Any person who has used an ATM machine to withdraw cash for a bank account has used 2-Factor authentication - you had to provide something you had (a card) and had to provide something you know (a PIN) in order to complete the transaction.

A. Privacy, and the threat of identity theft, is increasingly a concern as more of personal information finds its way to online applications. In addition, passwords alone can frequently be easily guessed or compromised through phishing or hacking, consequently, no longer providing adequate protection for mission-critical information system and applications containing Personally Identifiable Information.

A. Any TAMU-CC faculty, staff, student, or designated affiliate who needs to have access to a system or service that is protected by Duo two-factor authentication will eventually need to use the service.

A. Once a user is enrolled in Duo, the user will need to answer a second-factor credential challenge to authenticate into any application or server that has been configured for the Duo Second-Factor Authentication service.

A. With increasing security attacks across higher education institutions, passwords alone are not a sufficient way to protect resources. Two-factor authentication decreases the risk of compromise because a hacker would need to acquire the thing you "have", as well as the thing you "know".

The only data that Duo stores for a user is the subscriber's IslandID (Duo does NOT know your IslandID password) and information about your second factor, such as a phone number (if using a phone for the service) or the serial number of your hardware token (if not using a phone for the service).

A. We recommend never using the "Remember me for 7 days" feature on a shared computer. You may use it on computers you are the sole user of as long as you take responsibility for the security of access to that machine.

Using Duo with Your Phone

A. A smartphone is the best choice since it provides the greatest level of security and allows you to use the Duo Mobile App. The app generates passcodes for login and can receive push notifications for easy, one-tap authentication.

A. Yes, any cell phone will work, but it will not include the advantages of the app (passcodes, prompts, etc.) and may result in regular cell phone charges in order to call back and authenticate (depending on the client's phone service).

You need to take into consideration the stationary nature of a landline. Even if you work almost exclusively at your desk in your office where the landline is located, you might on rare occasions need to have access to your Duo protected services from home or from a remote location.

A. First, using Duo on your phone is perfectly safe, and a smartphone is the preferable device to use for a number of reasons (app being available, calling prompts, one fewer "thing" to carry around and keep track of, etc.) In other words, a phone (especially a smartphone) is the preferred method.

Having said that, a hardware token is available for use instead of a phone.

A. Text messages and voice calls are sent only when you request them, and they would be billed by your carrier in the same way that any other text message or call would. TAMU-CC will not reimburse you for these charges. If the charges when using Duo exceed a level that you're comfortable with, then consider switching to a hardware token rather than a cell phone for the service.

A. Yes, you can change to a different phone with a different number. You will need to reactivate Duo on the new device, and if it's a different type of device (for example, if you're going from Android to iPhone), then you will need to make sure that you select the new phone type before reactivating.

A. The app requests access to the camera. This is to scan the QR code during the activation process. It does not access your other apps or other data on your phone; it uses some base functionality of the phone and a certificate that identifies your phone to ensure accurate identification.

A. If this is the first time that you've used the service on this particular phone, then make sure that the enrollment process has been completed and then try again.

If you've used the service on this phone before and cannot login, then make sure that phone is not locked. If it is unlocked, then you may need to restart the mobile device and try again.

Make sure that you're using the correct mobile device. If you're using a new device (even if you have the same phone number), then reactivate Duo Mobile for the new device. (If you're changing types of phone, such as going from an Android to an iPhone, then select the new type of phone before reactivating.)

If the service is still not working, then contact the IT Service Desk.

A. If you have stopped receiving push notifications, then check the network connection on your device. It may help to take your phone into and out of airplane mode. Try turning Wi-Fi off and resending yourself a push message. If these steps do not resolve the issue, contact the IT Service Desk.

For further assistance or to provide feedback, please contact the IT Service Desk at 361.825.2692 or ITHelp@tamucc.edu.